Recently, the former Director of the NSA and the CIA, (retired) General Michael Hayden, attended a forum in Washington, DC. In a speech entitled "The Tension Between Security and Liberty," General Hayden argued that section 702 of the Foreign Intelligence Surveillance Act, which grants the NSA access to certain forms of communications of US citizens, is vital to the security of the United States.
General Hayden also spoke about his disdain for alleged Internet anonymity, saying, "The problem I have with the Internet is that it's anonymous." Hayden's remarks are not surprising, and they further illustrate why the US government is the enemy of liberty and privacy.
When asked by an audience member of the potential geopolitical repercussions of ubiquitous US government surveillance, Hayden dismissed such concerns as frivolous. "We built it (the Internet) here," Hayden retorted, "and it was quintessentially American."
Hayden suggests that because the Internet had its birth in the US and much of the world's Internet's traffic goes through US servers hosted by American services, the NSA is partially justified in its spying apparatus. Not everyone agrees with General Hayden's analysis, however. Worse, assertions made by General Hayden and the US government have threatened to balkanize the Internet.
Today, the Internet is a global peer-to-peer open network, which essentially means the Internet is borderless and decentralized. Despite its open nature, it is no secret that the largest and most powerful Internet companies are based in the US. Prior to Edward Snowden's revelations of a mass US government dragnet of Internet communications, few cared.
This is no longer the case.
The President of Brazil, Dilma Rousseff, for instance, recently postponed a planned meeting with President Barack Obama due to the growing uneasiness of US surveillance. In a statement from her office, a spokesman for President Rousseff stated, "The illegal interceptions of communications and data of citizens, companies, and members of the Brazilian government represents a serious act which violates national sovereignty and is incompatible with democratic coexistence between friendly countries." Glenn Greenwald originally reported that President Rousseff's personal phone calls and emails were monitored by the NSA.
Edward Snowden's revelations have spurred some foreign governments and social movements to consider adopting so-called "cyber-sovereignty" measures. Cyber-sovereignty (CS) is a national protectionist measure designed to protect a sovereign country's digital communications from foreign eavesdroppers.
However, it is more than just a national protectionist measure; it is also an attempt to internationalize the Internet (or perhaps more accurately, to wrest the Internet from US control).
Although implementation of CS measures may differ from country to country, most measures will require at least some American Internet services to allocate their servers domestically. In addition to domestic server demands, cyber-sovereignty measures call for developing new hardware and software, separate fiber optics, new domestic Internet services, and state-of-the-art encryption to protect a country's digital communications. It is important to clarify that in all probability most CS measures will not prohibit citizens from using foreign services. Instead, citizens are expected to be given a choice.
Most researchers, however, dismiss cyber-sovereignty measures as backward and ineffective. Renowned security researcher Bruce Schneier, for example, has suggested that CS can be hijacked by some authoritarian governments to seize greater control of the Internet. Schneier is not alone in his criticism. Johns Hopkins security expert Matthew Green has compared cyber-sovereignty to "Soviet socialism" and has suggested the US "free-for-all model works better."
Although both Schneier and Green have valid arguments, their arguments are not altogether free from criticism. Authoritarian governments have been censoring the Internet for years, so it is not likely that CS measures, if adopted by authoritarian countries, will make matters any worse.
In addition, because CS measures are not designed to prohibit citizens from using foreign services but to offer them a more secure domestic choice, it is not likely that such measures will further restrict the freedom of the Internet. Cyber-sovereignty is regarded as a more secure domestic choice in part because most Western democracies have more stringent privacy laws than the United States.
Perhaps even more importantly, cyber-sovereignty is in part a social movement led by citizens of the West in response to illegal surveillance. Green's comments on the so-called US model are overly simplistic and fail to take into account corporatism, backdoors, and the burgeoning US police state.
Cyber-sovereignty is not the answer to the problems of digital espionage. However, it is not the absurdity some researchers have suggested either. CS seeks to internationalize the Internet but somewhat disingenuously. In essence, it wants to replace one failed system (the US model) with nearly the same model (a national protectionist model). But the problem is not the US government alone. The problem is government—all governments.
This idea is gaining traction worldwide. Indeed, according to Roberto Valerio, whose cloud hosting business has seen a sharp increase in sales since Edward Snowden's revelations, "In the long run, there won't be any difference between what the US or Germany or France or the UK is doing… At the end of the day, some agency will spy on you."
Replacing US government control of the Internet with another government's control does not make it any more secure or free.
There is no question the Internet is dominated largely by American corporations. While Matthew Green lauds the virtues of American "free-for-all" services as better and decries the "Soviet socialism" of cyber-sovereignty measures, the truth is there is little difference between the two models.
The American system is a corporatist system, which means big government is in league with big corporations. The US model appears free from government control, but the exact opposite is true: big corporations are often mere unofficial extensions of federal and state governments. This ensures a seamless stream of data flow from the private sector to the government.
Some of the measures proposed for strengthening cyber-sovereignty include building a fiber optics network separate from the US. However, this measure, while on the surface appearing well-intentioned, is ultimately misguided, because unless a government can guarantee absolute security of the fiber optics, there is little reason to believe it will not be illegally tapped by the NSA.
Furthermore, requiring Google or Facebook, for example, to allocate their servers throughout the world to avoid US government surveillance is misguided. By definition, web searches and social networking sites are not private. And even if the servers housing data on foreign citizens were relocated to different countries, it will merely replace one government's access to the data with another. A perfect example of this is VK, Russia's version of Facebook and the second largest social network service in Europe.
A new national search engine is not necessarily a bad thing, but from a strict privacy perspective, it is not necessary. Startpage and DuckDuckGo, for example, offer anonymous Google and Bing results for anyone in the world to use for free. In fact, data from a nationalized search engine, developed and operated by a government in the name of cyber-sovereignty, will be accessible at all times to that government.
Protective measures to develop new software or hardware are also meaningless, because consumers already have a choice between closed source and open source hardware and software.
Open source is free and is (generally) free from government backdoors. In addition, perhaps equally important, open source applications are very often internationally developed by civil society.
Nationalizing an encrypted email service is not the answer to email security. Such a method will not protect citizens from their own government surveillance.
Instead, everyone should use decentralized open source encryption, such as OpenPGP, in conjunction with offshore email service providers.
Despite media hyperboles and disinformation, only some weak and common forms of encryption are breakable. Most other forms of encryption are not breakable. However, corporations are usually compelled (though many willingly comply) to grant backdoor access to the NSA and FBI. Backdoor access to encrypted or protected servers bypasses encryption standards and subverts the integrity of Internet security.
The US media, whose raison d'etre is to teach subservience to the political establishment, does its role to discourage encryption from ubiquitous use. The media would have us believe that all encryption is breakable—implying that the implementation of encryption, any encryption, is a waste of time.
However, Edward Snowden has stated that "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
Cyber-sovereignty is not the answer to the problems of government surveillance, because it is government run. Stripped of government, CS can indeed be a powerful alternative to wrest the Internet from US control. However, if needs to be properly implemented.
A free market based CS approach focused on decentralization, open source initiatives, innovative Internet services, internationalized domain extensions, and domestic alternatives to social networking sites and search engines can help shift more Internet traffic away from US services and servers.
Many in the world are starving for a multi-polar digital world to internationalize their digital footprints and avoid the long reach of the US government—and in many instances, the jurisdiction of their domestic governments.
In the last few years we have witnessed the US government seize domains of businesses outside of the US on the grounds that a domain extension was under US jurisdiction. In addition, we have also witnessed email services being forced to hand over data to the US government or face criminal charges. It appears the "free-for-all model" advocated by Matthew Green is only applicable to services that grant the US government unfettered backdoor access.
By internationalizing domains, services, and all other digital footprints, businesses and private citizens can better protect themselves from unreasonable searches and seizures.
Ultimately the answer to ubiquitous surveillance is not government-run cyber-sovereignty. The answer lies in a divorce from government and closed source programing and a return to a truly decentralized system based on open source initiatives and architecture.
James Black is the author of The Privacy Book. For more information, please visit www.sovereignpress.org.